After decompiling the SWF file 'Main.swf', a hardcoded credential was found in one of GSX's products, GSX Analyzer. The credential is a superadmin account that is not listed in the user list but can be used to log in to GSX Analyzer portals; seemingly a backdoor or a 'solution' for the vendor to provide 'support'. The found credentials are: Username: gsxlogin, Password: gsxpassword. A few externally exposed sites on the internet are affected by this issue; presumably all externally exposed GSX Analyzer portals have this vulnerability.
The vulnerability allows a remote attacker to execute malicious code or access part of the dynamically allocated memory. Exploitation requires user interaction: visiting a web page or opening a specially crafted SWF file that contains invalid 'TAG' data.
The vulnerability allows a remote attacker to execute malicious code or access part of the dynamically allocated memory. Exploitation requires user interaction: opening a specially crafted PDF file containing an invalid font (.ttf) with invalid data.
No authentication (login) is required to exploit this vulnerability.
Blind SQL Injection Proof-Of-Concept (using SQLMap)
URL example: http://server/apointment.php
Page: apointment.php
Parameter: age (POST)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: ame=Test&age=24' AND SLEEP(5) AND 'dQNv'='dQNv&sex=on&mobile=+972-50-7655443&email=test@gmail.com&date=07/12/2016&btext=Test
No authentication (login) is required to exploit this vulnerability.
Blind SQL Injection Proof-Of-Concept (using SQLMap)
URL example: http://server/booking.php
Page: booking.php
Parameter: age (POST)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: name=Test&age=2016' AND SLEEP(5) AND 'hhFr'='hhFr&sex=on&mobile=+972-50-7655443&email=test@gmail.com&date=07/12/2016&btext=Test
There is a heap overflow vulnerability in ATF image packing. To reproduce the issue, load the attached file '129' using LoadImage.swf as follows: LoadImage.swf?img=129
Loading the attached image causes heap corruption during LZMA property decoding. To reproduce the issue, load the attached file '6' using LoadImage.swf as follows: LoadImage.swf?img=6. The issue sometimes takes multiple refreshes to crash.
There is a heap overflow when loading the attached JXR file in Adobe Flash. To reproduce, load the attached file using LoadImage.swf?img=12.atf. This issue can be a bit difficult to reproduce, as the crash occurs when the player is destroyed, so the crash screen doesn't always show up in the Player. The easiest way to detect the issue is to attach a debugger to the Player and refresh a few times. Took a closer look at this; it is a UaF of plane->model_hp_buffer in the open-source JXR component.
This module exploits a remote code execution vulnerability in the inline request processor of the Ruby on Rails ActionPack component. The vulnerability allows an attacker to pass ERB through the inline JSON processor, where it is rendered, permitting full RCE within the runtime without logging an error condition.
The vulnerable code is located in the /applications/core/modules/front/system/content.php script. User input passed through the 'content_class' request parameter is not properly sanitized before being used in a call to the 'class_exists()' function at line 40. This could be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by leveraging the autoloading function defined in the /applications/cms/Application.php script. Successful exploitation of this vulnerability requires the application to be running on a PHP version before 5.4.24 or 5.5.8.